package SV_AUTH_BYPASS_MUST;


import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

public class Vulnerable {
    public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        Map<String, String> result = new HashMap<>();

        // result contains cookie values from request
       //...
        if ("true".equals(result.get("loggedIn")))
        {
            if (! AuthenticateUser(request.getParameter("password"), "" )) { // user authentication
            System.out.println("Error: you need to log in first");
        }
          else {
            Cookie loggedIn = new Cookie("loggedIn", "true");
             //...
        }
        }
    }

    private boolean AuthenticateUser(String password, String s) {
        return password.equals(s);
    }

}
